fkie_cve-2023-52994
Vulnerability from fkie_nvd
Published
2025-03-27 17:15
Modified
2025-04-15 14:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 ("x86/boot: Skip realmode init code when running as Xen PV guest") missed one code path accessing real_mode_header, leading to dereferencing NULL when suspending the system under Xen: [ 348.284004] PM: suspend entry (deep) [ 348.289532] Filesystems sync: 0.005 seconds [ 348.291545] Freezing user space processes ... (elapsed 0.000 seconds) done. [ 348.292457] OOM killer disabled. [ 348.292462] Freezing remaining freezable tasks ... (elapsed 0.104 seconds) done. [ 348.396612] printk: Suspending console(s) (use no_console_suspend to debug) [ 348.749228] PM: suspend devices took 0.352 seconds [ 348.769713] ACPI: EC: interrupt blocked [ 348.816077] BUG: kernel NULL pointer dereference, address: 000000000000001c [ 348.816080] #PF: supervisor read access in kernel mode [ 348.816081] #PF: error_code(0x0000) - not-present page [ 348.816083] PGD 0 P4D 0 [ 348.816086] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 348.816089] CPU: 0 PID: 6764 Comm: systemd-sleep Not tainted 6.1.3-1.fc32.qubes.x86_64 #1 [ 348.816092] Hardware name: Star Labs StarBook/StarBook, BIOS 8.01 07/03/2022 [ 348.816093] RIP: e030:acpi_get_wakeup_address+0xc/0x20 Fix that by adding an optional acpi callback allowing to skip setting the wakeup address, as in the Xen PV case this will be handled by the hypervisor anyway.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b96903b7fc8c82ddfd92df4cdd83db3e567da0a5Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fe0ba8c23f9a35b0307eb662f16dd3a75fcdae41Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7522E3-150F-436D-BBD7-96C7B4B795ED",
              "versionEndExcluding": "6.1",
              "versionStartIncluding": "6.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2050E8-7CF5-47E1-B586-43FEE434D6EE",
              "versionEndExcluding": "6.1.9",
              "versionStartIncluding": "6.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: Fix suspend with Xen PV\n\nCommit f1e525009493 (\"x86/boot: Skip realmode init code when running as\nXen PV guest\") missed one code path accessing real_mode_header, leading\nto dereferencing NULL when suspending the system under Xen:\n\n    [  348.284004] PM: suspend entry (deep)\n    [  348.289532] Filesystems sync: 0.005 seconds\n    [  348.291545] Freezing user space processes ... (elapsed 0.000 seconds) done.\n    [  348.292457] OOM killer disabled.\n    [  348.292462] Freezing remaining freezable tasks ... (elapsed 0.104 seconds) done.\n    [  348.396612] printk: Suspending console(s) (use no_console_suspend to debug)\n    [  348.749228] PM: suspend devices took 0.352 seconds\n    [  348.769713] ACPI: EC: interrupt blocked\n    [  348.816077] BUG: kernel NULL pointer dereference, address: 000000000000001c\n    [  348.816080] #PF: supervisor read access in kernel mode\n    [  348.816081] #PF: error_code(0x0000) - not-present page\n    [  348.816083] PGD 0 P4D 0\n    [  348.816086] Oops: 0000 [#1] PREEMPT SMP NOPTI\n    [  348.816089] CPU: 0 PID: 6764 Comm: systemd-sleep Not tainted 6.1.3-1.fc32.qubes.x86_64 #1\n    [  348.816092] Hardware name: Star Labs StarBook/StarBook, BIOS 8.01 07/03/2022\n    [  348.816093] RIP: e030:acpi_get_wakeup_address+0xc/0x20\n\nFix that by adding an optional acpi callback allowing to skip setting\nthe wakeup address, as in the Xen PV case this will be handled by the\nhypervisor anyway."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: acpi: Fix suspend with Xen PV Commit f1e525009493 (\"x86/boot: Skip realmode init code when running as Xen PV guest\") omiti\u00f3 una ruta de c\u00f3digo que acced\u00eda a real_mode_header, lo que provoc\u00f3 la desreferenciaci\u00f3n de NULL al suspender el sistema bajo Xen: [348.284004] PM: entrada de suspensi\u00f3n (profunda) [348.289532] Sincronizaci\u00f3n de sistemas de archivos: 0,005 segundos [348.291545] Congelaci\u00f3n de procesos de espacio de usuario... (transcurridos 0,000 segundos) hecho. [348.292457] OOM killer deshabilitado. [348.292462] Congelaci\u00f3n de tareas congelables restantes... (transcurridos 0,104 segundos) hecho. [ 348.396612] printk: Suspendiendo consola(s) (use no_console_suspend para depurar) [ 348.749228] PM: suspender dispositivos tom\u00f3 0.352 segundos [ 348.769713] ACPI: EC: interrupci\u00f3n bloqueada [ 348.816077] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 000000000000001c [ 348.816080] #PF: acceso de lectura del supervisor en modo kernel [ 348.816081] #PF: error_code(0x0000) - p\u00e1gina no presente [ 348.816083] PGD 0 P4D 0 [ 348.816086] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 348.816089] CPU: 0 PID: 6764 Comm: systemd-sleep No contaminado 6.1.3-1.fc32.qubes.x86_64 #1 [ 348.816092] Nombre del hardware: Star Labs StarBook/StarBook, BIOS 8.01 07/03/2022 [ 348.816093] RIP: e030:acpi_get_wakeup_address+0xc/0x20 Corrija esto agregando una devoluci\u00f3n de llamada acpi opcional que permita omitir la configuraci\u00f3n de la direcci\u00f3n de activaci\u00f3n, ya que en el caso de Xen PV esto lo manejar\u00e1 el hipervisor de todos modos."
    }
  ],
  "id": "CVE-2023-52994",
  "lastModified": "2025-04-15T14:32:39.637",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-27T17:15:47.053",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b96903b7fc8c82ddfd92df4cdd83db3e567da0a5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fe0ba8c23f9a35b0307eb662f16dd3a75fcdae41"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.